OVS Fuzzing Infrastructure

Open vSwitch is enrolled in the oss-fuzz program. oss-fuzz is a free continuous fuzzing service and infrastructure offered by Google. An enrolled project is continually fuzzed and bug reports are sent to maintainers as and when they are generated.

The technical requirements to enrol OvS in oss-fuzz program are:

• Dockerfile (hosted in Google’s ossfuzz GitHub repo)

• Bash build script (hosted in Google’s ossfuzz GitHub repo)

Each of these requirements is explained in the following paragraphs.

Dockerfile

Dockerfile defines the box in which OvS will be built by oss-fuzz builder bots. This file must be self sufficient in that it must define a build environment in which OvS can be built from source code.

The build environment comprises

• Linux box provided by Google (Ubuntu)

• Packages required to build OvS (e.g., libssl-dev python etc.)

• Source code of OvS (fetched by oss-fuzz builder bots from OvS’ GitHub mirror on a daily basis)

• Build script written in Bash

The Dockerfile definition for OvS is located in the projects/openvswitch/Dockerfile sub-directory of Google’s oss-fuzz repo.

Build script

The build script defines steps required to compile OvS from source code. The (Linux) box used by oss-fuzz builder bots (defined by Dockerfile) is different from the box in which fuzzing actually happens. It follows that the build script must ensure that fuzzing binaries are linked statically so that no assumption is made about packages available in the fuzzing box.

OvS contains a make target called oss-fuzz-targets for compiling and linking OvS fuzzer binaries. The line of bash script responsible for building statically linked OvS fuzzing binaries is the following:

./boot.sh && ./configure && make -j$(nproc) && make oss-fuzz-targets

The oss-fuzz build environment assumes that OvS build system respects compiler/linker flags defined via standard bash environment variables called CFLAGS, CXXFLAGS etc. The oss-fuzz builder bot defines these flags so that OvS fuzzing binaries are correctly instrumented.

oss-fuzz expects all fuzzing binaries, and optionally, configuration and seed inputs to be located in a hard-coded directory, referenced by the bash variable $OUT, in the root filesystem of the build box.

OvS source repo contains configuration for the oss-fuzz fuzzers in the tests/oss-fuzz/config sub-directory. There are two types of configuration files:

• <fuzzer_target_name>.options: Defines configuration options for the fuzzer that apply while fuzzing fuzzer_target_name

• <name>.dict: Defines a dictionary to be used for some fuzzer_target_name

Fuzzer configuration parameters of relevance to OvS are:

• dict: names the dictionary file to be used for fuzzing

• close_fd_mask: defines a file descriptor mask that filters console output generated by OvS fuzzing binaries

OVS Fuzzers ›

‹ What is Fuzzing?

Contents

• Project

• Getting Started
• Tutorials
• How-to Guides
• Deep Dive
  • OVS
    • Design Decisions In Open vSwitch
    • Open vSwitch Datapath Development Guide
    • Fuzzing
    • Integration Guide for Centralized Control
    • Porting Open vSwitch to New Software or Hardware
    • OpenFlow Support in Open vSwitch
    • Bonding
    • Open vSwitch Networking Namespaces on Linux
    • Scaling OVSDB Access With Relay
    • OVSDB Replication Implementation
    • DPDK Support
    • OVS-on-Hyper-V Design
    • Language Bindings
    • Debugging with Record/Replay
    • Testing
    • Tracing packets inside Open vSwitch
    • Userspace Datapath - TSO
    • C IDL Compound Indexes
    • Open vSwitch Extensions
    • Userspace Datapath - Checksum Offloading
    • Userspace Tx packet steering
    • User Statically-Defined Tracing (USDT) probes
• Reference Guide
• Open vSwitch Internals
• Open vSwitch Documentation
• FAQ

Browse

• General Index
• OVS Fuzzers
• What is Fuzzing?

Navigation

• Open vSwitch 3.3.0 documentation
  • Deep Dive
    • Fuzzing
      • OVS Fuzzing Infrastructure